IT Security Newsletter - 11/14/2023
22 Energy Firms Hacked in Largest Coordinated Attack on Denmark's Critical Infrastructure
Hackers compromised 22 energy organizations in a coordinated attack against Denmark's critical infrastructure, non-profit cybersecurity center for critical sectors SektorCERT reveals. As part of the attack, which occurred in May 2023, the hackers compromised the victim organizations within a few days, making this the largest attack against Danish critical infrastructure to date.
Henry Schein says customer data breached in cyber incident
Henry Schein, a medical and dental supplies company, is still recovering from a cybersecurity incident last month that took some of its systems offline. In a letter to its customers, the company disclosed on Monday that a data breach occurred, but "we do not have all the details of what data may have been compromised." Customer bank accounts and credit card numbers may have been affected.
Molerats Group Wields Custom Cybertool to Steal Secrets in the Middle East
A pro-Palestinian cyber espionage group focused on compromising government targets in the Middle East has improved its attack tools with a sophisticated initial access downloader - all the while largely ignoring the conflict unfolding in Israel and the Palestinian territories. TA402 (aka Molerats and Frankenstein) rolled out a new sophisticated tool named IronWind, which it used in three campaigns aimed at compromising systems within government agencies throughout the Middle East and Northern Africa.
Dragos again targeted by ransomware group, this time from AlphV
Dragos is once again the subject of an extortion attempt, this time from AlphV, also known as BlackCat, which claims to have breached the industrial cybersecurity specialist through a third-party hack. AlphV, linked to the high-profile social engineering attack against MGM Resorts in September, claims to have gained access to Dragos, according to a post on X, the site formerly known as Twitter, by security researcher Dominic Alvieri.
ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric
Siemens and Schneider Electric's Patch Tuesday advisories for November 2023 address roughly 90 vulnerabilities affecting their products. Siemens has released 14 new advisories to inform customers about more than 80 vulnerabilities, many of which impact third-party components. Schneider Electric has released three new advisories to inform customers about the availability of patches for five vulnerabilities.
Ransomware royale: US confirms Royal, BlackSuit are linked
The US' Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have released fresh guidance on the Royal ransomware operation, saying that evidence suggests it may soon undergo a long-speculated rebrand. The agencies didn't specify a reason for the rebrand or spinoff variant, but rebranding in the ransomware industry is fairly common.
Ducktail Malware Targets the Fashion Industry
Ducktail is targeting marketing professionals in the fashion industry with its latest campaign, where the threat actors send out archives containing images of authentic products from well-known companies alongside a malicious executable camouflaged as a PDF file. According to a report from Kaspersky, upon execution, the malware opens a genuine embedded PDF, detailing job information, with the attack crafted to appeal to marketing professionals actively seeking career changes.
Novel backdoor persists even after critical Confluence vulnerability is patched
A new backdoor was found this week implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence. The backdoor provides attackers remote access to a victim, both its Confluence server and other network resources, and is found to persist even after Confluence patches are applied. Patches were made available from October 31, with Atlassian telling customers at the time they "must take immediate action".
Juniper networking devices under attack
CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday. Most of these bugs are not particularly severe by themselves, but they can be - and have been - chained together by attackers to achieve remote code execution on internet-facing vulnerable devices. Juniper Networks fixed four flaws affecting the J-Web GUI of Junos OS-powered devices in late August 2023.
- ...in 1851, Herman Melville's "Moby-Dick" is first published in the US.
- ...in 1960, Ruby Bridges becomes the first Black child to attend a previously segregated elementary school in Louisiana.
- ...in 1967, physicist Theodore Maiman is granted a patent for the first-ever laser, using a synthetic ruby crystal to create a coherent light beam.
- ...in 1969, Apollo 12 is launched. It is the second crewed mission to the surface of the Moon.